SecurityAudit CLI is a command-line tool for auditing .NET projects' security.
Developed by AmirGhased and based on the OWASP Application Security Verification Standard (ASVS) v4.0.3.
- Verify permissions and access controls in the database
- Detect default or unnecessary accounts
- Validate encryption of sensitive data
- Check primary and foreign keys for data integrity
- Identify sensitive columns without access restrictions
- Prevent SQL Injection and unsafe inputs
- Audit database security configurations (e.g., SSL)
- Detect unused or legacy tables/columns
- Check hashing and encryption settings
- Ensure secure communication between application and database (e.g., TLS)
| Log Type | Emoji |
|---|---|
| RepoRoot | 📁 |
| Search | 🔍 |
| SecurityCheck | 🔒 |
| Success | ✅ |
| Failed | ❌ |
| Report | 📊 |
| End | 🏁 |
- JUnit XML output saved to artifacts/security-report.xml
- Console summary displays the number of Passed and Failed checks
AmirGhased GitHub: https://github.com/AmirGhased
Open-source and designed to follow OWASP ASVS guidelines.
Open CMD in the project folder:
`cd path/to/DotNetSecurityCheck`
1. `dotnet build SecurityAudit.sln`
2. `dotnet run --project ./SecurityAudit.Cli/SecurityAudit.Cli.csproj --root "SolutionName.sln"`
3. Check artifacts/security-report.xml for field details.
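A CI step can read the JUnit report after the run and fail the build when any check failed. The script below is an added example, not part of the SecurityAudit project; it assumes the report uses the common JUnit layout (`testcase` elements with `failure`, `error` or `skipped` children), and the check names in the sample are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the common JUnit layout; the tool's real check
# names and attributes may differ.
SAMPLE_REPORT = """<testsuites>
  <testsuite name="SecurityAudit" tests="3" failures="1">
    <testcase classname="Database" name="TLS enforced on connection string"/>
    <testcase classname="Database" name="Sensitive columns encrypted">
      <failure message="Column Users.NationalId is stored in plain text"/>
    </testcase>
    <testcase classname="Database" name="Legacy table scan">
      <skipped/>
    </testcase>
  </testsuite>
</testsuites>
"""

def summarize(xml_data):
    """Return (passed, failed, findings) for a JUnit XML document (str or bytes)."""
    root = ET.fromstring(xml_data)
    passed, failed, findings = 0, 0, []
    # iter() handles both a <testsuites> wrapper and a bare <testsuite> root.
    for case in root.iter("testcase"):
        problem = case.find("failure")
        if problem is None:
            problem = case.find("error")
        if problem is not None:
            failed += 1
            detail = problem.get("message") or (problem.text or "").strip()
            findings.append((case.get("classname", ""), case.get("name", ""), detail))
        elif case.find("skipped") is None:
            passed += 1  # skipped checks count as neither passed nor failed
    return passed, failed, findings

def main(path):
    # Read bytes so the parser honours the encoding declared in the file.
    with open(path, "rb") as fh:
        passed, failed, findings = summarize(fh.read())
    print(f"Passed: {passed}  Failed: {failed}")
    for classname, name, detail in findings:
        print(f"FAILED {classname} / {name}: {detail}")
    return 1 if failed else 0  # non-zero exit fails the pipeline step

if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else "artifacts/security-report.xml"))
```

Run it after step 2; with no argument it reads artifacts/security-report.xml relative to the current directory.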